FHIR Specification Feedback / FHIR-36315

Unclear definitions of filtering vs restricting cases

Details

    • Change Request
    • Resolution: Persuasive with Modification
    • Medium
    • US Da Vinci PDex (FHIR)
    • 2.0.0-ballot
    • Financial Mgmt
    • Provider-controlled Information Requests and Filtering
    • 6

      The intent of this section of the guide was to enable Providers to determine which content, from the data available from a payer, should be committed to the member/patient record. The filtering step could be a manual or an automated, rules-based process instituted by the receiving provider or provider organization.

      The paragraphs in question are as follows:

      All search parameters and subsequent filtering of returned information SHALL be controlled by the Provider making the information request. The Payer does not filter information that has been requested by the provider except for the application of any restrictions based on the scopes of the access token issued to the Provider per applicable law.

      Health Plans SHOULD only restrict provider access to a member’s data where that access is required in accordance with State or Federal regulations.

      Health Plan to Health Plan or Third-Party Application exchange is controlled by the Member using an OAuth2.0 Authorization.

       

      This is proposed to be changed as follows:

      All search parameters and subsequent filtering of returned information SHALL be controlled by the Provider making the information request. The Payer does not filter information that has been requested by the provider except for the application of any restrictions based on the scopes of the access token issued to the Provider per applicable law.

      Health Plans SHALL only restrict provider access to a member’s data where that access is required to be limited in accordance with State or Federal regulations, or individual restriction on sharing.

      Health Plan to Health Plan or Third-Party Application exchange is controlled by the Member using a member-mediated SMART-on-FHIR Authorization or via a member-directed payer-to-payer exchange.

    • Bob Dieterle / Celine Lefebvre: 21-0-1
    • Clarification
    • Compatible, substantive
    • Yes
    • 2.0.0-ballot

    Description

      Sentences 3-5 of this section leave some room for interpretation:

      ...filtering of returned information SHALL be controlled by the Provider...

      ...Health Plans SHOULD only restrict provider access to a member’s data where....

      The mixing of SHALL and SHOULD here is interesting; it seems to mean that:

      Individual pieces of data for a member cannot be "filtered" from what is sent to a provider (excluding filtering for legal reasons), but the entire member dataset can be "restricted" from being accessed by that provider, beyond those legal reasons.

      If that is the correct interpretation, I think explaining the interaction between filtering and restricting with some examples here is important, as I suspect this is outlining a model of payer filtering control that is coarser than what some systems have currently implemented.

          People

            Unassigned
            eddyhnieves Eddy Hernandez-Nieves (Inactive)